ASSYSTEM_Registration_Document_2017

3

MANAGEMENT REPORT

INTERNAL CONTROL AND RISK MANAGEMENT PROCEDURES PUT IN PLACE BY THE COMPANY RELATING TO THE PREPARATION AND PROCESSING OF ACCOUNTING AND FINANCIAL INFORMATION

3.8.1

INTERNAL CONTROL PLAYERS AND ORGANISATION OF INTERNAL CONTROL PROCEDURES

Assystem's Board of Directors is ultimately responsible for ensuring that the internal control system is implemented properly and functions effectively. Since it is responsible for initiating and spearheading the Group's clearly-expressed strategy of deploying an integrated internal control system, Assystem's management team is the system's owner. However, all Group players are part-owners in the sense that they are the agents and custodians of the system.

The Company has a full set of measures in place intended to control and reduce any risks that could prevent it from achieving its objectives. These measures take the form of procedures, instructions, supervisory arrangements, authorisations, delegations of responsibility, etc. The overall internal control system forms an integrated framework covering the entire scope of the Group: divisions, business units, legal entities, countries, departments and all business processes.

The table below summarises the main roles and responsibilities of each category of internal control player.

Internal control roles and responsibilities

Internal control player

• Initiates and spearheads the internal control system by relaying clear information and guidelines. • Is responsible for deploying the internal control system across the Group and ensuring that it functions effectively. • Ensures that the internal control system is in line with the Group's business strategy and risk portfolio. • Ensures that the Group has a consistent internal control system that is compatible with its overall business strategy and risk profile. • Approves the internal control system and is regularly informed of the findings of audits and the recommendations implemented. • Consults the executive management team in order to form an opinion on the construction and effectiveness of the internal control system. • Ensures the effective functioning of the risk management process related to the preparation of financial information. • Steers the Group's business strategy and sets the targets for consolidated entities, allocates the resources necessary for their achievement and tracks performance based on those targets. The executive management team draws on the work performed by the Quality Department to ensure that client projects are performed to the required standards. • The Financing and Treasury Department, the Management Control Department, the Legal Affairs Department and the divisional and country-level financial directors play a key role in internal control due to their cross-disciplinary skills. • Is responsible for deploying the internal control system within the scope of its remit (i.e. its BU, legal entity, country or department) and ensuring that it functions effectively. • Ensures that the internal control system is aligned with the structure, strategy, tactics and organisation of its scope of remit. • Are actively involved in implementing the internal control system. • Carry out work and operations in compliance with the established internal control system. • Inform Management of any malfunctions and help determine remedial measures.

Board of Directors

Audit Committee

Group executive management team

Finance and legal teams

Operations management

Operations and support staff

3.8.2

INTERNAL CONTROL OBJECTIVES

The overall system also involves the participation of external players, including the Statutory Auditors. It is not part of the legal engagement of the Statutory Auditors to assume ownership of the internal control and risk management systems. Their responsibility is to review these systems and to issue an independent opinion on their suitability. Each year the Statutory Auditors perform a Group audit as part of their legal engagement to certify the consolidated financial statements and to audit the separate financial statements of Group companies. In compliance with French commercial law, the certification of Assystem's consolidated and parent company financial statements is carried out by two Statutory Auditors, who jointly examine all the financial statements, the methods used for their preparation and specific internal control procedures related to the preparation of accounting and financial information.

The Group’s internal control system aims to provide appropriate and reasonable assurance of:

● the reliability of financial information;

● compliance with the applicable legislation and regulations; ● the proper functioning of internal processes, such as those used to safeguard the Group’s business and assets; ● the application of instructions and guidelines stipulated by the Board of Directors; More generally, it helps the Group manage its business activities and ensure the effectiveness of its operations and processes and the efficient use of its resources.

46

ASSYSTEM

REGISTRATION DOCUMENT 2017